Main Menu
Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Perishable Press
Web Dev + WordPress + Security
eBook: The Tao of WordPress
The Tao of WordPress: Master the art of WordPress.
Related Posts
+ More related posts »

7G Firewall for Nginx

♦ Posted by in .htaccess, Security
Updated 5 comments

7G Nginx After several months of development, the official Nginx version of the 7G Firewall is out of beta and ready for public use. If you are not familiar with 7G Firewall, check out the documentation for the Apache/.htaccess version. The Nginx version of the 7G Firewall works the exact same way, so I won’t bother repeating everything here. The only difference is the implementation, how to set it up on an Nginx server, which is explained in this post.

Contents

Check out a live demo of 7G Nginx »

Preamble

In order to implement the Nginx version of 7G Firewall, you need to be familiar with Nginx and its various configuration files. That is to say, this is not a tutorial on setting up or configuring Nginx in general. Rather it assumes that you already have Nginx up and running, and want to add the 7G Firewall.

Overview

There are two parts to Nginx 7G: conditional logic and firewall rules. Each of these parts will be placed in their own file. Then each file needs included via your Nginx configuration. Here is a visual of the basic directory structure:

7G Firewall for Nginx - Directory StructureDirectory Structure for 7G Nginx

The main Nginx configuration file is /nginx/nginx.conf. This file will include 7g-firewall.conf, which contains the actual 7G Firewall rules.

The local/site configuration file is /nginx/sites-enabled/example.com. This file will include 7g.conf, which contains the conditional logic.

So we’ll be working with four configuration files in total:

  • nginx.conf — includes 7g-firewall.conf
  • example.com — includes 7g.conf
Important: Remember to change example.com to match your own domain name.

Installation

Here are the basic steps to implement 7G Nginx. Note that Nginx configurations may vary depending on web host and environment, etc. If in doubt, ask your web host.

Step 1: Add the files

First, download the 7G Nginx Firewall (ZIP file). Then unzip the download file to get the following:

  • 7g-firewall.conf
  • 7g.conf

Add those two files to the /nginx/conf.d/ directory, as shown in the previous screenshot. Once those files are in place, they need to be included in your Nginx configuration.

Step 2: Include the firewall rules

In your main Nginx configuration file /nginx/nginx.conf, add the following include statement. This will include the file that contains the 7G firewall rules.

http {
	.
	.
	.
	include /etc/nginx/conf.d/7g-firewall.conf;
	.
	.
	.
}
Note: the three vertical dots represent any other existing rules that may be in place. Do NOT add the dots to any of your files. They are for illustrative purposes only.

Make sure the path is correct based on the directory structure on your server.

Step 3: Include the conditional logic

In your local/site configuration file /nginx/sites-enabled/example.com, add the following include statement. This will include the file that contains the conditional 7G rules.

server {
	.
	.
	.
	include /etc/nginx/conf.d/7g.conf;
	.
	.
	.
}
Note: the three vertical dots represent any other existing rules that may be in place. Do NOT add the dots to any of your files. They are for illustrative purposes only.

Again, make sure the path is correct based on the directory structure on your server.

Step 4: Restart the server

After making changes to your Nginx configuration, you need to restart the server in order for the changes to take effect. Consult your web host documentation for the best way to do this for your particular setup.

Step 5: Testing

At this point, you should have the two 7G files included in your Nginx configuration. And server restarted so the new rules are in effect. The next step is to begin thorough testing, to make sure that everything is working properly. You want to check that your site is operating normally. And also want to check that the 7G Firewall is working correctly, blocking bad requests and so forth.

Tip: You can use nginxdev.com to make test requests and compare server responses for various 7G queries. The nginxdev.com site is running the latest version of 7G Nginx.

Alternate Installation

For Nginx version 1.18 and better, you can take advantage of the snippets directory, makes things a little simpler to implement. Here are the steps:

  1. Add 7g-firewall.conf to /etc/nginx/conf.d
  2. Add 7g.conf to /etc/nginx/snippets
  3. Add include /etc/nginx/snippets/7g.conf; to the server directive

Done! Thanks to one of our readers for sharing this alternate “snippets” technique.

Download

Note: The same license and disclaimer applies to both Apache and Nginx versions of 7G Firewall. For details, check out the License and Disclaimer on the 7G homepage.

Download 7G Firewall for NginxVersion 1.6 ( 5.69 KB ZIP )
Note: To retain the Unix LF EOL characters (line breaks) in the 7G text file, it is recommended to use a program that supports them, such as Notepad++ (free for Windows) or TextEdit or BBEdit (free for Mac). The line breaks keep the code structured and readable, instead of a big jumbled mess.

For more information about 7G, check out the 7G Firewall homepage.

Feedback, bug reports, etc.

Questions about the Nginx version of 7G are welcome on this post. Or you can send an email via my contact form.

Show support

I spend countless hours developing the 7G Firewall. I share it freely and openly with the hope that it will help make the Web a safer place for everyone.

If you benefit from my work with 7G and would like to show support, consider buying one of my books, such as .htaccess made easy. You’ll get a complete guide to .htaccess, exclusive forum access, and a ton of awesome techniques for configuring, optimizing, and securing your site.

Of course, tweets, likes, links, and shares are super helpful and very much appreciated. Your generous support allows me to continue developing the 7G Firewall and other awesome resources for the community. Thank you kindly :)

Support 7G Firewall: Donate via PayPal or your favorite cryptocurrency »

Thanks to..

Thanks to the following resources for their work on 7G Nginx:

Also thank you to everyone who contributed with feedback and testing the beta version. Your help is appreciated.

apache blacklist firewall mod_rewrite nG nginx
About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.
Banhammer: Protect your WordPress site against threats.
← Next Post
Previous Post →

5 responses to “7G Firewall for Nginx”

  1. Krzysztof Maciejewski 2021/02/03 11:14 pm

    Please make OpenLiteSpeed Version

    Thanks for your work

  2. David 2021/03/01 6:56 am

    Hi,

    Thanks for your Nginx version of the 7G-FW.

    The install instructions state that the file: include /etc/nginx/conf.d/7g-firewall.conf; should be added to /etc/nginx/nginx.conf

    Although a default install of Nginx includes: include /etc/nginx/conf.d/*.conf; in nginx.conf which should already do this.

    Can you clarify whether the additional include is necessary?

    Thanks

    • Jeff Starr 2021/03/01 10:54 am • Post Author

      I based the tutorial steps on the setup I have over at Digital Ocean. I’m not an Nginx pro, so can’t speak to other configurations that may differ. Basically there are two parts to the firewall: the configuration and the rules. The key to implementing is to make sure that both are included in your Nginx config. The directory/paths may vary from server to server. I should have mentioned this in the article.

  3. Ken 2021/04/23 11:15 am

    Hi Jeff,
    I know that you’ve said that you aren’t an nginx pro… Neither am I…Nor am I a Plesk pro, which one of my clients uses.

    In Plesk Obsidian for the site, it does not look like I have access to an nginx folder. I do have an “Apache & nginx Settings” area which includes a texarea for “Additional nginx directives” with the info…

    “Additional nginx directives

    Here you can specify the settings for the nginx reverse proxy server that runs in front of Apache. Your directives will override the server-wide nginx configuration. For example, you may want to change the connection timeout or to pack requests with gzip. Use the same syntax as you use for nginx.conf. For example, if you want to pack all the proxied requests with gzip, add the line: ‘gzip_proxied any;’.”

    I’m assuming that I should be able to copy and paste the 7G nginx into that field. Might you have any knowledge one way or the other?

    Thanks again for all of your work on this!

    • Jeff Starr 2021/04/24 9:09 am • Post Author

      Hi Ken, glad to help but not sure about the specifics for your setup. Best advice would be to ask your web host, they will know best and be able to help with any configuration questions, etc.

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
+ More thoughts »
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.
Topics
Perishable Press Newsletter
Get news, updates, deals & tips via email.
Your email will remain private. Easy unsubscribe anytime.
Find me on the social medias
Around the site
WordPress help
Favorite projects
© 2004–2024 Perishable Press • Yes Theme by Monzilla Media • Built w/ shapeSpaceSitemapPolicyRSSJohn 3:16